Medium severity5.3NVD Advisory· Published Sep 18, 2018· Updated Jun 17, 2026
CVE-2018-17178
CVE-2018-17178
Description
An issue was discovered on Neato Botvac Connected 2.2.0 devices. They execute unauthenticated manual drive commands (sent to /bin/webserver on port 8081) if they already have an active session. Commands like forward, back, arc-left, arc-right, pivot-left, and pivot-right are executed even though the web socket replies with { "message" : "invalid authorization header" }. Without an active session, commands are still interpreted, but (except for eco-on and eco-off) have no effect, since without active driving, a driving direction does not change anything.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: = 2.2.0
Patches
Vulnerability mechanics
References
1- media.ccc.de/v/2018-124-pinky-brain-are-taking-over-the-world-with-vacuum-cleanersnvdExploitTechnical DescriptionThird Party Advisory
News mentions
0No linked articles in our index yet.